Improving the Way Risk Management is Perceived by the Enterprise

Survey respondents were encouraged to share what they have done to help improve the perception of security and risk management programs in the eyes of their enterprise. Here are some of the common themes:

Customer service is important. Make security customer centric and shift away from the traditional mentality of gates, guns and guards.

Integrating risk management into projects throughout the enterprise at the initial stage. Do so by getting management to understand that the business can be improved by managing risk productively and more efficiently.

Awareness plays a big role in how organizations perceive the risk management team. Publicize issues that affect the organization and employees. Help teach them why security is important. Measure and make results available to senior leadership. A strong awareness program is not just about distributing policies and rules. It is also a time to communicate the business value that a holistic and comprehensive enterprise risk management program brings to the organization.

Make sure your team understands the business goals of the enterprise and how they fit into and support those goals. Have them look for ways to provide added value and how innovations can be leveraged outside the traditional security environment. Your team must see themselves as business professionals who happen to be security practitioners.

That is not to say changing the organization's perception is easy to accomplish. Some commentary delved into the hurdles that needed to be overcome:

Getting the organization to recognize risk management has a role to play at a corporate management level is difficult if they see your role simply as facility protection.

Changing perceptions can be a frustratingly slow process. Some organization departments will quickly recognize the value you can bring while others will be unsupportive. It might be necessary to work on changing perceptions one team at a time.

While your team might be doing everything right, it can still be seen by your organization as just a necessary evil. Have you ever wished you could change that perception?

The Security Executive Council is made up of former risk management executives for some of the world's premier organizations. Their success is proof of their ability to demonstrate the value that their risk management teams have provided to their organizations.